Archive - September 2021

Bug Bounty Radar // The latest bug bounty programs for October 2021 (30 September 2021 at 16:12 UTC)
Latest web hacking tools – Q4 2021 (30 September 2021 at 14:36 UTC)
RCE vulnerabilities in open source software Cachet could put users at risk (29 September 2021 at 15:30 UTC)
Navistar confirms data breach involved employee healthcare information (29 September 2021 at 14:19 UTC)
What does the future hold for browser security? Check out the latest features destined for mobile and desktop (29 September 2021 at 13:28 UTC)
WordPress security: CookieYes GDPR plugin patches XSS bug following large-scale PHP audit (29 September 2021 at 12:24 UTC)
Mission accomplished: Security plugin HTTPS Everywhere to be deprecated in 2022 (28 September 2021 at 14:52 UTC)
Social media scam: Twitter bots are tricking users into making PayPal and Venmo payments into fraudsters’ accounts (28 September 2021 at 13:41 UTC)
Better future? Safari browser extension is preparing for Apple’s ‘post-privacy’ world (28 September 2021 at 11:37 UTC)
Google Chrome to incorporate new secure payment feature (27 September 2021 at 15:32 UTC)
OWASP toasts 20th anniversary with revised Top 10 for 2021 (27 September 2021 at 14:59 UTC)
VMware vCenter deployments under attack as enterprises urged to update systems (27 September 2021 at 13:26 UTC)
Opera browser patches My Flow remote code execution vulnerability (27 September 2021 at 10:50 UTC)
Developers fix multitude of vulnerabilities in Apache HTTP Server (24 September 2021 at 15:34 UTC)
Meet TruffleHog – a browser extension for finding secret keys in JavaScript code (24 September 2021 at 14:45 UTC)
Bitcoin.org hack nets giveaway scammers $17,000 overnight (24 September 2021 at 13:28 UTC)
Millions of South Africans caught up in security incident after debt recovery firm suffers ‘significant data breach’ (24 September 2021 at 11:29 UTC)
Fake WhatsApp backup message delivers malware to Spanish speakers’ devices (23 September 2021 at 15:11 UTC)
Netgear fixes RCE flaw in routers’ parental controls feature (23 September 2021 at 12:47 UTC)
Beego patches severe XSS vulnerability in open source web framework (23 September 2021 at 10:50 UTC)
Device ‘breakage’ concerns persist days before Let’s Encrypt root cert expiry (22 September 2021 at 16:07 UTC)
VMware security warning: Multiple vulnerabilities in vCenter Server could allow remote network access (22 September 2021 at 14:15 UTC)
APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated (22 September 2021 at 13:24 UTC)
New iCloud Private Relay service leaks users’ true IP addresses, researcher claims (22 September 2021 at 11:42 UTC)
Weaponized ManageEngine flaw poses ‘serious risk’ to high-profile US targets – CISA (21 September 2021 at 15:15 UTC)
French shipping giant CMA CGM suffers data breach (21 September 2021 at 12:40 UTC)
US optometry provider Simon Eye hit by data breach impacting 144,000 patients (21 September 2021 at 11:02 UTC)
US policy change states healthcare apps must follow data breach notification rules (20 September 2021 at 16:00 UTC)
Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise (20 September 2021 at 15:02 UTC)
EventBuilder misconfiguration exposes personal details of 100,000 event registrants (20 September 2021 at 13:08 UTC)
VPN users unmasked by zero-day vulnerability in Virgin Media routers (20 September 2021 at 11:03 UTC)
Alaska Department of Health reveals data breach potentially exposing residents’ financial, health information (17 September 2021 at 15:23 UTC)
Epik hack exposes lax security practices at controversial web host (17 September 2021 at 13:57 UTC)
Google announces partnership to review security of open source software projects (17 September 2021 at 12:54 UTC)
Manufacturing industry must limit internal data access to prevent sensitive leaks – report (16 September 2021 at 15:30 UTC)
Meris botnet leverages HTTP pipelining to smash DDoS attack records (16 September 2021 at 13:59 UTC)
UK armed forces confirm cyber as fifth dimension of warfare (16 September 2021 at 12:01 UTC)
Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors (15 September 2021 at 15:53 UTC)
Supply chain attacks against the open source ecosystem soar by 650% – report (15 September 2021 at 13:49 UTC)
Credential leak fears raised following security breach at Travis CI (15 September 2021 at 12:40 UTC)
Speer review: Researchers pick apart Node.js communication app (14 September 2021 at 15:00 UTC)
Critical encryption vulnerability found in secure communications platform Matrix (14 September 2021 at 14:03 UTC)
Olympus insists medical services ‘uninterrupted’ by malware attack (14 September 2021 at 12:25 UTC)
Fraudster handed 11-year prison term for role in North Korean cybercrime operation (13 September 2021 at 14:11 UTC)
Texas Republican Party website defaced in ‘Anonymous’ protest against abortion law (13 September 2021 at 12:29 UTC)
VMware denies allegations it leaked Confluence RCE exploit (10 September 2021 at 16:30 UTC)
WordPress 5.8.1 security release addresses clutch of vulnerabilities (10 September 2021 at 13:23 UTC)
Spook.js – New side-channel attack can bypass Google Chrome’s protections against Spectre-style exploits (10 September 2021 at 11:06 UTC)
OWASP shakes up web app threat categories with release of draft Top 10 (09 September 2021 at 16:47 UTC)
HAProxy vulnerability enables HTTP request smuggling attacks (09 September 2021 at 15:07 UTC)
One in five IceWarp mail servers still vulnerable to pre-pandemic security flaw (09 September 2021 at 13:47 UTC)
WordPress security: Information leak flaw addressed in Ninja Forms (08 September 2021 at 16:23 UTC)
New York State vaccine pass shortcomings offer lessons for other coronavirus app developers (08 September 2021 at 14:55 UTC)
Machine learning technique detects phishing sites based on markup visualization (08 September 2021 at 10:50 UTC)
Jenkins project succumbs to ‘mass exploitation’ of critical Atlassian Confluence vulnerability (07 September 2021 at 15:52 UTC)
PoC released for Ghostscript vulnerability that exposed Airbnb, Dropbox (07 September 2021 at 14:12 UTC)
Data breach at US restaurant and gambling chain Dotty’s may have leaked sensitive customer information (07 September 2021 at 11:06 UTC)
French government visa website hit by cyber-attack that exposed applicants’ personal data (06 September 2021 at 15:22 UTC)
Raider: A tool to test authentication in web applications (06 September 2021 at 14:45 UTC)
Russian retailer issues DEXP phone recall following security audit (06 September 2021 at 12:55 UTC)
‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of security issues (03 September 2021 at 15:00 UTC)
Cisco urges users to patch critical vulnerability in virtualized network devices after PoC is made public (03 September 2021 at 13:45 UTC)
Dallas Independent School District reports data breach impacting current and former students, staff (03 September 2021 at 12:23 UTC)
Zero-day flaws in IoT baby monitors could give attackers access to camera feeds (02 September 2021 at 16:15 UTC)
Node.js archives serious tar handling vulnerabilities with software update (02 September 2021 at 15:41 UTC)
‘Stalkerware’ vendor SpyFone barred from surveillance market, FTC announces (02 September 2021 at 14:39 UTC)
Mozilla offers transparency by publishing VPN audit (01 September 2021 at 16:40 UTC)
CREST: NCC Group ‘vicariously responsible’ for those involved in exam controversy (01 September 2021 at 15:23 UTC)
Eight US financial services firms given six-figure fines over BEC data breaches (01 September 2021 at 13:50 UTC)
Singapore government launches bug bounty program for digital services (01 September 2021 at 12:50 UTC)